There also needs to be some sort of positive reinforcement that helps personalities, who assign so much worth to an online existence, to get more centered. Maybe as their positive rating increases they earn real life rewards from real life companies who offer discounts to experience a real life activity. upon reading the above it sounded negative but the intent is to engage the participant in other areas of life.

The scoring of the online personality will have to be controlled by the site. Similar to a credit reporting agency. Otherwise the bad guys will just make up fake profiles to build up confidence in another profile.

Except ... it's not "the first time". It's ongoing. You can't deploy an app and forget about it. Look at password hashing, 5 years ago MD5 was fine. Then it was salted MD5. Now we need multiple iterations of SHA with salt. Who knows what will be acceptable in another 5 years?

And people don't plan for this. The system is working. It would be too expensive to change now. And when a new exploit comes along, where the platform breaks, or your CMS breaks or whatever the heck else your data is exposed, and the stuff you used to protected it 5 years ago isn't good enough any more.

excellent communication. There is more we should do for security at every stage. I often feel that having double the time would help reach the point where sleep wasn't lost. What do others feel is needed?